General
-
Target
mixthree_20210607-093819
-
Size
536KB
-
Sample
210607-554bnhmbcs
-
MD5
e7ccfdce0d5c66e3f1d4d89eac63fafa
-
SHA1
23634375e7b10ca832f7da12569e1390171a41fd
-
SHA256
4cd381d6f335c3f329c9d0aeff1a0336d1aeddd13e5cccef40315bb7b0616cc1
-
SHA512
9ddb95a47cd45f4a81e411240c7964411195dcd6e641eae31159b4601ac06084bf9a967acb4e88dd762fa70fdf4856fec135bd8c4bdc91968e47c542033af60f
Malware Config
Extracted
raccoon
28198d4512d0cf31c204eddceb4471d79950b588
-
url4cnc
https://tttttt.me/capibar
Targets
-
-
Target
mixthree_20210607-093819
-
Size
536KB
-
MD5
e7ccfdce0d5c66e3f1d4d89eac63fafa
-
SHA1
23634375e7b10ca832f7da12569e1390171a41fd
-
SHA256
4cd381d6f335c3f329c9d0aeff1a0336d1aeddd13e5cccef40315bb7b0616cc1
-
SHA512
9ddb95a47cd45f4a81e411240c7964411195dcd6e641eae31159b4601ac06084bf9a967acb4e88dd762fa70fdf4856fec135bd8c4bdc91968e47c542033af60f
Score10/10-
Raccoon
Simple but powerful infostealer which was very active in 2019.
-
Downloads MZ/PE file
-
Deletes itself
-
Loads dropped DLL
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-